Move option http.web_ui_basepath to extension.admin_ui.base_path

2019-02-17 04:54:26 +00:00
parent 6911842e67
commit 9c9119f9cd
8 changed files with 36 additions and 23 deletions
--- a/config.yaml
+++ b/config.yaml
@@ -54,9 +54,6 @@ beef:
        #public: ""      # public hostname/IP address
        #public_port: "" # public port (experimental)

-        # Web Admin user interface URI
-        web_ui_basepath: "/ui"
-
        # Hook
        hook_file: "/hook.js"
        hook_session_name: "BEEFHOOK"
@@ -155,6 +152,7 @@ beef:
    extension:
        admin_ui:
            enable: true
+            base_path: "/ui"
        demos:
            enable: true
        events:
--- a/core/main/console/banners.rb
+++ b/core/main/console/banners.rb
@@ -80,14 +80,14 @@ module Banners
      proto = configuration.get("beef.http.https.enable") == true ? 'https' : 'http'
      hook_file = configuration.get("beef.http.hook_file")
      admin_ui = configuration.get("beef.extension.admin_ui.enable") ? true : false
-      web_ui_basepath = configuration.get("beef.http.web_ui_basepath")
+      admin_ui_path = configuration.get("beef.extension.admin_ui.base_path")

      # display the hook URL and Admin UI URL on each interface from the interfaces array
      self.interfaces.map do |host|
        print_info "running on network interface: #{host}"
        port = configuration.get("beef.http.port")
        data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n"
-        data += "UI URL:   #{proto}://#{host}:#{port}#{web_ui_basepath}/panel\n" if admin_ui
+        data += "UI URL:   #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui
        print_more data
      end

@@ -97,7 +97,7 @@ module Banners
        port = configuration.get("beef.http.public_port") || configuration.get('beef.http.port')
        print_info 'Public:'
        data = "Hook URL: #{proto}://#{host}:#{port}#{hook_file}\n"
-        data += "UI URL:   #{proto}://#{host}:#{port}#{web_ui_basepath}/panel\n" if admin_ui
+        data += "UI URL:   #{proto}://#{host}:#{port}#{admin_ui_path}/panel\n" if admin_ui
        print_more data
      end
    end
--- a/core/main/router/router.rb
+++ b/core/main/router/router.rb
@@ -130,7 +130,7 @@ module BeEF
        # @note Default root page
        get "/" do
          if config.get("beef.http.web_server_imitation.enable")
-            bp = config.get "beef.http.web_ui_basepath"
+            bp = config.get "beef.extension.admin_ui.base_path"
            type = config.get("beef.http.web_server_imitation.type")
            case type
              when "apache"
--- a/core/main/server.rb
+++ b/core/main/server.rb
@@ -152,6 +152,10 @@ module BeEF
          print_warning 'Warning: Default SSL cert/key in use.'
          print_more 'Use the generate-certificate utility to generate a new certificate.'
        end
+      rescue => e
+        print_error "Failed to prepare HTTP server: #{e.message}"
+	puts e.backtrace
+	exit 1
      end

      #
--- a/extensions/admin_ui/api/handler.rb
+++ b/extensions/admin_ui/api/handler.rb
@@ -51,7 +51,7 @@ module API
      end

      config = BeEF::Core::Configuration.instance
-      bp = config.get "beef.http.web_ui_basepath"
+      bp = config.get "beef.extension.admin_ui.base_path"

      # if more dynamic variables are needed in JavaScript files
      # add them here in the following Hash
@@ -75,7 +75,7 @@ module API
      config = BeEF::Core::Configuration.instance

      # Web UI base path, like http://beef_domain/<bp>/panel
-      bp = config.get "beef.http.web_ui_basepath"
+      bp = config.get "beef.extension.admin_ui.base_path"

      # registers the http controllers used by BeEF core (authentication, logs, modules and panel)
      Dir["#{$root_dir}/extensions/admin_ui/controllers/**/*.rb"].each do |http_module|
--- a/extensions/admin_ui/classes/httpcontroller.rb
+++ b/extensions/admin_ui/classes/httpcontroller.rb
@@ -24,6 +24,10 @@ module AdminUI
    def initialize(data = {})
      @erubis = nil
      @status = 200 if data['status'].nil?
+      @session = BeEF::Extension::AdminUI::Session.instance
+
+      config = BeEF::Core::Configuration.instance
+      @bp = config.get "beef.extension.admin_ui.base_path"

      @headers = {'Content-Type' => 'text/html; charset=UTF-8'} if data['headers'].nil?

@@ -40,11 +44,8 @@ module AdminUI
    def run(request, response)
      @request = request
      @params = request.params
-      @session = BeEF::Extension::AdminUI::Session.instance
-      config = BeEF::Core::Configuration.instance

      # Web UI base path, like http://beef_domain/<bp>/panel
-      @bp = config.get "beef.http.web_ui_basepath"
      auth_url = "#{@bp}/authentication"
      
      # test if session is unauth'd and whether the auth functionality is requested
@@ -77,7 +78,6 @@ module AdminUI
      # set content type
      if @headers['Content-Type'].nil?
        @headers['Content-Type']='text/html; charset=UTF-8' # default content and charset type for all pages
-        @headers['Content-Type']='application/json; charset=UTF-8' if request.path =~ /\.json$/
      end
    rescue => e
      print_error "Error handling HTTP request: #{e.message}"
@@ -85,22 +85,27 @@ module AdminUI
    end

    # Constructs a html script tag (from media/javascript directory)
-    def script_tag(filename) "<script src=\"#{$url}#{@bp}/media/javascript/#{filename}\" type=\"text/javascript\"></script>" end
+    def script_tag(filename)
+      "<script src=\"#{$url}#{@bp}/media/javascript/#{filename}\" type=\"text/javascript\"></script>"
+    end

    # Constructs a html script tag (from media/javascript-min directory)
-    def script_tag_min(filename) "<script src=\"#{$url}#{@bp}/media/javascript-min/#{filename}\" type=\"text/javascript\"></script>" end
+    def script_tag_min(filename)
+      "<script src=\"#{$url}#{@bp}/media/javascript-min/#{filename}\" type=\"text/javascript\"></script>"
+    end

    # Constructs a html stylesheet tag
-    def stylesheet_tag(filename) "<link rel=\"stylesheet\" href=\"#{$url}#{@bp}/media/css/#{filename}\" type=\"text/css\" />" end
+    def stylesheet_tag(filename)
+      "<link rel=\"stylesheet\" href=\"#{$url}#{@bp}/media/css/#{filename}\" type=\"text/css\" />"
+    end

    # Constructs a hidden html nonce tag
    def nonce_tag 
-      @session = BeEF::Extension::AdminUI::Session.instance
-      "<input type=\"hidden\" name=\"nonce\" id=\"nonce\" value=\"" + @session.get_nonce + "\"/>"
+      "<input type=\"hidden\" name=\"nonce\" id=\"nonce\" value=\"#{@session.get_nonce}\"/>"
    end

    def base_path
-      "#{@bp}"
+      @bp.to_s
    end

    private
@@ -108,10 +113,10 @@ module AdminUI
    @eruby
    
    # Unescapes a URL-encoded string.
-    def unescape(s); s.tr('+', ' ').gsub(/%([\da-f]{2})/in){[$1].pack('H*')} end
-    
-  end
-
+    def unescape(s)
+      s.tr('+', ' ').gsub(/%([\da-f]{2})/in){[$1].pack('H*')}
+    end
+  end
 end
 end
 end
--- a/extensions/admin_ui/config.yaml
+++ b/extensions/admin_ui/config.yaml
@@ -8,8 +8,14 @@ beef:
        admin_ui:
            name: 'Admin UI'
            enable: false
+
+            # Admin UI base path
+            base_path: "/ui"
+
+            # Favicon
            favicon_file_name: "favicon.ico"
            favicon_dir: "/images"
+
            login_fail_delay: 1
            play_sound_on_new_zombie: false

--- a/extensions/demos/html/basic.html
+++ b/extensions/demos/html/basic.html
@@ -16,7 +16,7 @@
 <body>
  <div style='font:12px tahoma,arial,helvetica,sans-serif; width: 450px; margin: 0 auto;' >

-    <img src='<%= BeEF::Core::Configuration.instance.get("beef.http.web_ui_basepath") %>/media/images/beef.jpg' />
+    <img src='beef.jpg' />

    <p>You should be hooked into <b>BeEF</b>.</p>
    <p>Have fun while your browser is working against you.</p>